为什么OpenSSL提供了两个重叠的实用程序
genpkey :
OpenSSL> genpkey - Usage: genpkey [options] where options may be -out file output file -outform X output format (DER or PEM) -pass arg output file pass phrase source -<cipher> use cipher <cipher> to encrypt the key -engine e use engine e, possibly a hardware device. -paramfile file parameters file -algorithm alg the public key algorithm -pkeyopt opt:value set the public key algorithm option <opt> to value <value> -genparam generate parameters, not key -text print the in text NB: options order may be important! See the manual page.
和genrsa :
OpenSSL> genrsa - usage: genrsa [args] [numbits] -des encrypt the generated key with DES in cbc mode -des3 encrypt the generated key with DES in ede cbc mode (168 bit key) -seed encrypt PEM output with cbc seed -aes128, -aes192, -aes256 encrypt PEM output with cbc aes -camellia128, -camellia192, -camellia256 encrypt PEM output with cbc camellia -out file output the key to 'file -passout arg output file pass phrase source -f4 use F4 (0x10001) for the E value -3 use 3 for the E value -engine e use engine e, possibly a hardware device. -rand file:file:... load the file (or the files in the directory) into the random number generator
Debian中的文档对此也很奇怪,
genpkey Generation of Private Key or Parameters. genrsa Generation of RSA Private Key. Superceded by genpkey.
genpkey是替代品吗? 如果是这样,它怎么没有-des3 ? 而且,我们如何为其添encryption码,并指定密钥长度?
它清楚地表明, genrsa已被genpkey取代,所以是的, genpkey是替代品。
您可以使用-cipher参数将密码更改为3des
此外,它应该告诉你,要添encryption码,您使用-pass参数
你可以在这里find更多的信息